formbook

General

Target

aa6168d4e41ced2091baee9f5d59e11e.exe
Size

228KB
Sample

210503-lhpfy6lj8x
MD5

aa6168d4e41ced2091baee9f5d59e11e
SHA1

de7f4a8270fe216e68076ce93243b60d6d6d5f51
SHA256

7c6393b4e86ea5cec49c0f814b17e4bb85aa447c19896037252a94ff6416ce1b
SHA512

37c5d51495c0b53bdcd522d3b4a0346202d6069002b8d35f913a96596eb1a51c4fa41e445673024fbb62b4f701355aabb2e1804075709693c6339d1c3dad95e2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.shoprodeovegas.com/xcl/

Decoy

sewingtherose.com

thesmartshareholder.com

afasyah.com

marolamusic.com

lookupgeorgina.com

plataforyou.com

dijcan.com

pawtyparcels.com

interprediction.com

fairerfinancehackathon.net

thehmnshop.com

jocelynlopez.com

launcheffecthouston.com

joyeveryminute.com

spyforu.com

ronerasanjuan.com

gadgetsdesi.com

nmrconsultants.com

travellpod.com

ballparksportscards.com

Targets

- Target
  
  aa6168d4e41ced2091baee9f5d59e11e.exe
- Size
  
  228KB
- MD5
  
  aa6168d4e41ced2091baee9f5d59e11e
- SHA1
  
  de7f4a8270fe216e68076ce93243b60d6d6d5f51
- SHA256
  
  7c6393b4e86ea5cec49c0f814b17e4bb85aa447c19896037252a94ff6416ce1b
- SHA512
  
  37c5d51495c0b53bdcd522d3b4a0346202d6069002b8d35f913a96596eb1a51c4fa41e445673024fbb62b4f701355aabb2e1804075709693c6339d1c3dad95e2
Score

10^/10

formbook rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2